WVD and SSO with AAD Connect PHS/PTA

Microsoft

Hi Guys,

As far as I know, in order to use SSO in WVD, we must have AD FS.

But what about the topology below, where we use PHS/PTA as the synchronization method in AAD Connect and also connect the WVD pool with the on-premises environment using VPN/ER? Can clients in the on-premises AD SSO to the WVD pool?

[Image: 1.png]

5 Replies

To add something, I did some checking of how seamless SSO works.

My question is whether WVD can be regarded as an app that uses seamless SSO.

[Image: clipboard_image_0.png]

Your client is not connecting to WVD via the internal addresses but via the hosted WVD gateway/brokers of Microsoft. This means your schema is incorrect.

https://cdn.dribbble.com/users/1135328/screenshots/6393820/wvd_architecture_2x.jpg

Thanks for your reply @knowlite.
Assuming the WVD pool in my diagram means both the WVD pool and the hosted WVD gateway/brokers, is it possible to enable seamless SSO?
My main question is whether we can use Seamless SSO (no ADFS) for WVD.

I found a blog saying the below, but it's not from the official MS docs, so I am afraid I cannot present this to the customer as evidence.
"8: No Direct SSO using Azure AD Native – If you today are using SAML based SSO with for instance Azure AD or other iDP’s such as if you have end-users on Azure AD joined machines and want to provide SSO directly to a WVD desktop this is not currently possible and it requires that you have configured an ADFS."
From: https://msandbu.org/windows-virtual-desktop-breakdown-of-architecture-and-current-status/

Not sure if anyone can help on this.

The new Remote Desktop app provides SSO once the credentials have been cached, so it's a one-time configuration. Going through RDWEB there is no SSO functionality without ADFS (unfortunately).